
Actually, when they released the initial vulnerability info, they also stated their research wasn't concluded. At that point they had only tested it on a few systems (actually I think only one). About a week later they issued this statement:

"We have inspected this issue a bit more, and found out that on most Unix systems the buf buffer is not followed by such data. We base this conclusion upon the simple fact that we didn't manage to crash sendmail by feeding it with 250 sequences of <> chars in the from address string. This means that this issue does not seem to be exploitable on them. The following table presents a summary of our findings:

I don't think the fact that they haven't managed to crash the above systems can be interpreted as the hole being a pointless vulnerability. Needless to say it's very difficult to remotely crash a system using this hole, but a local user may have more luck ;-> Anyone see the new win 2k IIS exploit, released by Rafael Nunez, formerly of 'RaFa'? Take a step back and bow

beta test, v: To voluntarily entrust one's data, one's livelihood and one's sanity to hardware or software intended to destroy all three. In earlier days, virgins were often selected to beta test volcanos.